kevin/dotfiles
1
0
Fork 0
mirror of https://github.com/Unkn0wnCat/dotfiles.git synced 2025-05-31 07:16:09 +02:00
Code Issues Projects Releases Wiki Activity

Add configuration for amon

Browse source
This commit is contained in:
Kevin Kandlbinder 2023-04-24 12:28:23 +02:00
parent ff459f51a4
commit 413b12b4e1
Signed by: kevin
GPG key ID: 1460B586646E180D
6 changed files with 113 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

7
nixos/.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 - &admin_kevin age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
- &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s - &target_kevin-tp age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
- &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj - &target_kevin-pc age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
- &target_amon age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
creation_rules: creation_rules:
- path_regex: kevin-tp/secrets/[^/]+\.yaml$ - path_regex: kevin-tp/secrets/[^/]+\.yaml$
key_groups: key_groups:
@ -13,9 +14,15 @@ creation_rules:
- age: - age:
- *admin_kevin - *admin_kevin
- *target_kevin-pc - *target_kevin-pc
- path_regex: amon/secrets/[^/]+\.yaml$
key_groups:
- age:
- *admin_kevin
- *target_amon
- path_regex: shared/secrets/[^/]+\.yaml$ - path_regex: shared/secrets/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
- *admin_kevin - *admin_kevin
- *target_kevin-tp - *target_kevin-tp
- *target_kevin-pc - *target_kevin-pc
- *target_amon

40
nixos/amon/configuration.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "amon";
networking.domain = "srv.1in9.net";
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
users.users.kevin = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
environment.systemPackages = with pkgs; [
vim
wget
curl
htop
git
];
system.stateVersion = "22.11"; # No touchy.
}

34
nixos/amon/hardware-configuration.nix Normal file
View file

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/adee2255-4c88-40ca-a0d4-54159014f901";
fsType = "btrfs";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/12c485e2-a8ef-45c3-8bdc-ba7b57551a2f"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
nixos/flake-module.nix
View file

@ -51,5 +51,11 @@ in
./kevin-pc/configuration.nix ./kevin-pc/configuration.nix
]; ];
}; };
amon = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = defaultModules ++ [
./amon/configuration.nix
];
};
}; };
} }

1
nixos/modules/mullvad.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {pkgs, ...}:
{ {
services.mullvad-vpn.enable = true; services.mullvad-vpn.enable = true;
services.mullvad-vpn.enableExcludeWrapper = false;
} }

39
nixos/shared/secrets/passwords.yaml
View file

@ -8,29 +8,38 @@ sops:
- recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6 - recipient: age1tyq4g2hfuy7ffl8lycl3yj6saxyk56z4xlmtz7krlq7djx6l7f9snd56q6
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeVQyZi9vWjk2WW4xK3Vy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzbndqVUZPNUdWOE1NQUd6
V04zVTAweHFrZW9XZHZ3ZkZsRmJMUGhPMGo4Cjc5MkZDMFo1ZHJaRzlqTWNSYVBQ ZWZMTG1DQTlHRStPK3FKTnRBdmtUQlZHNUM4CmtIbENwTkFDb0N3dlRnaFJHLzFa
QVF3NDZ5RGRwYmJRWW9HUm1OS0M4TlUKLS0tIEozelFXWUdta3E3WU43dERmTGxP bUlBU3dVWlZ1a00xb21YTm9LU2xZazAKLS0tIEQ5NmVTampweFN5SnhNZWUvOWxQ
YkZoSlliblVGKzUzQUtQRmJlbytnb2cKnY+6xKzKfCr+9UzEL+ELd8bnbIqjIjaJ Q0VadWFoUDA4ZXJoVVdXNVRiTURLOU0KotulBGPQ8CDKzXAt1Mpx0QH3OPLiEoXD
9El1Ch8H6Z0Wv0VU3mop3++2ljs62Y7K4qgRvMnADP5wX7VE6ThtPg== j9VhFgbsZVaICdZvSpf7t9QBrxESEgdEQViWmD2q4QjyY+n3/xSwQw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s - recipient: age17963wrexn2ahn0j39sg6h00wc7q7p4spt64yexg5tzk48x7vyv4sz47c0s
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDc1BsaUx2OWE3eUx5ckVs YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJakhtTk9FaEI4Yll4NXlN
SDM5WGV6UTZoMk01YUcySEZORXh0ZUZ4VUVRCmxNNFVhRWVBcTVHTDcxZE5XbGVO Q2UwQTJvNXF3ODJQZmsrbHBsb3Vja2xwV3g0CkFDUDhXb2FyajRaZkpLdVFFMkhN
akZQYXllSnQ3U0k4ZUJZSTNTSlJYNFUKLS0tIFczVGdCdEIzUEJtRFZ0MVFvRzZV SVlLSkpnd3JmWXVJeWNaRnhtR0xqazQKLS0tIGw0SzlNcm5VdFdwSkZmdmNkZC8v
czNKcGxDNXlqcVB1bkZ5K2VCR3FvcFUKug+0PR4p5e87WdFHtpYbvjph4H5vftz9 aUVLTjJCTVEvOHl2ZmxyL2psQ2tNSnMKDfpJX3YOpuueoJGhha1Cdei5kRnbP/Nx
D7YnwbMqwGAHoNBwE9zsxl6KPinql+DCpZBd4O8P4jwQ3pvu/rLoiQ== ZWXQ4VvXhVg0SCKhZcmW7on5sCBexe1P6JDxnkD0EfULmbgnQ8DmWg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj - recipient: age18zsr2dzd23g4x4dsqw5jzn64x7tsezqs72vj2d4hg7r9kxqxuyts69a7zj
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRmkvSHFaaFV1eGVpd1Jr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVkZqYk5ZM0E2NEdJMmEw
dUh2UWUxdmVIQVFJKzNab0N0djg5Wi92VjFnClRvMDBiVUNHeWtNUHdJazJxR2lB RXZIcURlWkFPVjBzcUw5YUFTMUZ5d1B2ZkZZCmxHYmJ2MDZ2czVveWtkZXRZSDRC
MS9OZTNiTlFCZG1tWFdoSGZRV2hRZTQKLS0tIHBIbXBZVzJkYzUvTVFpMDd2d0x3 WmtKME5ybWtxakd0cS9GWmV6SGpYRmsKLS0tIDcwMDdtUUhyNG9oRGtpSXZ1UU01
dGZQQUdxVUN4d3NVVlVMbmt1SnJTQ1kKbzh0vaSeAxUPdj3fLpZFm3APsFwE+i7C WjRiL2pBbnFtVk9DN3BTUzFjSXdXUjgK7dYmDHt7879OhKC+YSq0DDa1+NSw18WV
ZzT89bMLeYw9q7FSwLluHR3yfMJanFObpoAs0mH5xFZVad+D5h9GcQ== XKUZRT86UU4PoV5BKZLA2zensom7hfy5BkY69Gu/mfFuUVvCcVeGHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jxzgv6z7emkv2rqztuuzzeq3qjq9jluu6vg0vljcltyvxps5lv3smltd2t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NWJMNlcvakxMblFyRnRM
bWg0YXdRYkxMN2pUL1NwU3E5T042VW5jcEF3Cmg5UTVDaHovVmRvdVlWMEIrNm1N
Wk1KcEJwQk9lYjRFY0dhY1JWMkhvMGsKLS0tIDJWMStITVoxNW1XSGR5Y2lFUVd0
NTU4WHpkSVpJTkNxZks4TUFwbFhWaGMKdkthdQSkJufz7+KBTok1TTyDS57AYIKz
f21wyhY0UDZM9Ncacw5arD1v/6huWvTWmxYuuSdAyblZrLjoeXJnKg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-28T18:31:14Z" lastmodified: "2023-02-28T18:31:14Z"
mac: ENC[AES256_GCM,data:iBl26uWB1vRzXoSklSDpgb1n6xDyFo9BvI5Hyq2eBcRuPWltNBO/WM78UBDqWf4YvtQl4cZ3ccHpV3tWe3vwnMlFhzOactsR29LZl7/7QX9+w6cXhEvKJ8/hGlKkKo2dOmyuUwn36MlJOSZlVjvU1V1JSH1LL6xEdbh0UMzeQvM=,iv:RN+GeAToEHaNegfj+wpC+c9Rz0gqhDxJl+EbEvOsyYM=,tag:gFoUcn/Wn15YLff0a8rw3w==,type:str] mac: ENC[AES256_GCM,data:iBl26uWB1vRzXoSklSDpgb1n6xDyFo9BvI5Hyq2eBcRuPWltNBO/WM78UBDqWf4YvtQl4cZ3ccHpV3tWe3vwnMlFhzOactsR29LZl7/7QX9+w6cXhEvKJ8/hGlKkKo2dOmyuUwn36MlJOSZlVjvU1V1JSH1LL6xEdbh0UMzeQvM=,iv:RN+GeAToEHaNegfj+wpC+c9Rz0gqhDxJl+EbEvOsyYM=,tag:gFoUcn/Wn15YLff0a8rw3w==,type:str]